Active-Active Configurations and Failover Testing: Lynchpins for Business Continuity

The following is a guest article by Klas Andreaason, Director, Product Management, DeliverHealth.

According to a recent survey by Protenus, hacking incidents in healthcare rose by 42% during 2020. Clearly the odds aren’t in your favor if you choose to roll the dice when it comes to the security of your organization’s clinical documentation systems and data. It’s not really a matter of if, but when, your clinical documentation becomes the target of a cyberattack.

Therefore, it’s increasingly important to build an airtight business continuity plan across your organization to protect data and systems from attack, along with constant monitoring and assessment of that plan. This should include secure, redundant, and highly available systems with regular failover and penetration testing.

The goal? Achieve clinical documentation system resilience in today’s high-risk IT environment.

Active-Active Configurations Defined

Active-active is defined as, “the ability to seamlessly and automatically switch to a reliable backup system. Either redundancy or moving into a standby operational mode when a primary system component fails should achieve failover and reduce or eliminate negative user impact.”

In short, active-active configurations allow organizations to remain operational in the event of an attack on their systems or a widespread outage caused by a natural disaster. Without this ability to pivot – and pivot quickly – the security and integrity of the clinical documentation data in your charge is at serious risk. This directly impacts productivity, revenue, and reputation.

For example, Scripps Health was recently forced to shut down their IT systems, reschedule appointments, and return to paper charts for documentation due to a cyberattack. The impact was far-reaching – 400 care sites and an estimated $67M in lost revenue and recovery costs.

This event further illustrates the need to build in active-active configurations with frequent failover testing as part of any business continuity plan.

Three Tips to Build an Effective Failover Testing Plan

Failover testing validates the entire environment’s ability to maintain uptime during a crisis. However, most organizations don’t do it often enough, or don’t do it in an optimal way.

Only a little over 50 percent of organizations report doing failover testing once a year or more, and 33 percent say they do it very infrequently. If you’re one of the few that has a routine cadence of testing, then you’re already ahead of the game. If not, it’s time to put together a plan.

Think like a hacker: Another step that should be taken is to perform penetration testing. This is where you put on your hacker hat and intentionally attack your own system. The benefit of penetration testing is being able to assess any potential holes and risks, finding them before a real hacker does.

Ask your vendors about RTO and RPO performance. In an unavoidable event, the focus on redundancy shifts to system and data recovery through recovery time objective (RTO) and recovery point objective (RPO) commitments from the BA. RTO is the time needed to recover core tenets of a disaster recovery strategy. RPO describes data loss and helps to inform the development of a backup strategy. For clinical documentation systems, RTO and RPO should be measured in minutes, not hours.

The fight against cyber security threats in healthcare IT is a never-ending battle. Remain proactive and establish a strong business continuity plan with active-active configurations and failover tests in the production environment. These steps coupled with penetration testing and other security measures mentioned above greatly improve your clinical documentation data and systems’ chances of quickly recovering from an attack. Otherwise, you’re tempting fate.

   
